• Preparation of necessary guide documents for KVKK.
• Examining corporate employment contracts, third party contracts and general and sectoral institution legislation in terms of KVKK.
• Reviewing the policies, procedures and other documents (Data protection, deletion, destruction, anonymization) that will be required to comply with the law as a management system in the institution.
• Examining the existing written service processes of the institution, determining the personal data in the processes and creating a data inventory list.
• Scanning the files on the Institution's File Server to detect the personal data in the files.
• Making a classification that takes into account personal data and critical information assets.
• Performing data risk analysis of inventoried data in terms of KVKK.
• Determination of data retention limits according to the relevant legislation and/or the reasonable framework to be established for the personal data held in the institution.
• Determining corporate needs related to data lifecycle and periodic activities.
• Documenting the recommendations regarding the job descriptions of the unit/person that should be in the structure to be designed to ensure KVKK Compliance.
• Conducting a MED-Privacy Impact Assessment (PIA Report) of the data in the inventory.
• Reviewing the declarations of enlightenment, consent and waiver in accordance with the Communiqué on the "Procedures and Principles to be Complied with in Fulfilling the Liability of Illumination" published in the Official Gazette dated 03.2018 and numbered 30356.
• Examining data acquisition, recording, storage and deletion operation processes and recommending necessary revisions.
• Registration of the institution in VERBIS. Providing consultancy on the appointment of a data controller contact person to communicate with the KVK institution.
• Establishing the necessary organizational structure for KVKS (Personal Data Protection System) and determining job descriptions.
• Submitting the necessary technology recommendations as documents for the healthy use of KVKK and the protection of personal data. In this context, examining the technologies that may be required for data leakage prevention, data masking, encryption, pseudo-transformation, tokenization, anonymization. Providing solution positioning consultancy if necessary.
• Making necessary technology and system suggestions for encrypted storage and protection of Special Quality Personal Data in accordance with the KVKK decision on "Adequate measures to be taken by Data Controllers in the processing of Special Quality Personal Data" published in the Official Gazette dated 01.2018 and numbered 2018/10.
• Examining access authorizations, suggesting necessary regulations, ensuring the separation of critical environments/persons.
• Examining cloud usage and presenting necessary recommendations.
• Giving recommendations for deduplication of documents and systems to ensure integrity with other management standards.

Preparation of the necessary guide documents for KVKK. Institution business contracts, third party contracts and general and sectoral institution legislation in terms of KVKK. Reviewing the policies, procedures and other documents (data protection, deletion, destruction, anonymization) that will be required to comply with the law as the management system of the institution. Examining the existing written service processes of the institution, determining the personal data in the processes and creating a data inventory list. Scanning for the detection of personal data in the files on the File Server of the institution by indexing them. Making a classification that takes personal data and critical information assets into account. Analyzing data risks in terms of KVKK of the inventories. Determining the data retention limits of the personal data kept in the institution according to the relevant legislation and / or the reasonable framework to be established. Determining institutional needs regarding data life cycle and periodic activities. Documentation of recommendations regarding the unit / person job descriptions that should be in the structure to be designed to ensure compliance with KVKK. Making MED- Privacy Impact Assessment (PIA Report) of the data in the inventory. Reviewing the disclosure, consent and renunciation statements in accordance with the “Communiqué on the Procedures and Principles for Fulfilling the Obligation of Disclosure” published in the Official Gazette No. 30356 dated 03.2018. Proposing necessary revisions by examining data retrieval, recording, storing and deletion operations. Registration of the institution to VERBIS. Providing consultancy on assigning a data controller contact person to communicate with the KVK institution. Creating the necessary organizational structure for KVKS (Personal Data Protection System) and determining job descriptions. Presenting the necessary technology suggestions as documents for the healthy use of KVKK and protection of personal data. In this context, examination of technologies that may be required for data leakage prevention, data masking, encryption, pseudonymization, tokenization and anonymization. Providing solution positioning consultancy if necessary. In accordance with the KVKK decision on “Adequate precautions to be taken by the Data Controllers in the processing of Special Quality Personal Data” published in the Official Gazette dated 01.2018 and numbered 2018/10, making the necessary technology and system recommendations for the encrypted storage and protection of Special Quality Personal Data. Examining access authorizations, proposing necessary regulations, ensuring that critical environments / persons are separated. Examining the use of the cloud and providing necessary recommendations. Giving recommendations for deduplication of documents and systems in order to be integrated with other management standards.